ext4 endless "orphan list check failed!" spew/lockup

linux-ext4.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* ext4 endless "orphan list check failed!" spew/lockup
@ 2015-12-01 16:42 Vegard Nossum
  2015-12-01 17:30 ` Vegard Nossum
  0 siblings, 1 reply; 3+ messages in thread
From: Vegard Nossum @ 2015-12-01 16:42 UTC (permalink / raw)
  To: Theodore Ts'o, Andreas Dilger; +Cc: linux-ext4

[-- Attachment #1: Type: text/plain, Size: 7021 bytes --]

Hi,

Mounting the attached filesystem image (fuzzed) on latest linus/master
causes an endless stream of the following output on the console:

EXT4-fs (loop0): Inode 5 (ffff8800153ed720): orphan list check failed!
ffff8800153ed720: 00000000 00000000 00000000 00000000  ................
ffff8800153ed730: 00000000 00000000 00000000 00000000  ................
ffff8800153ed740: 00000000 00000000 00000000 00000000  ................
ffff8800153ed750: 00000000 00000000 00000000 00000000  ................
ffff8800153ed760: 00000000 00000000 00000000 00000000  ................
ffff8800153ed770: 00000000 00000000 00000000 00000000  ................
ffff8800153ed780: 153ed780 ffff8800 153ed780 ffff8800  ..>.......>.....
ffff8800153ed790: 00000000 00000000 00000000 00000000  ................
ffff8800153ed7a0: 153edcc0 ffff8800 15a0b920 ffff8800  ..>..... .......
ffff8800153ed7b0: 00000000 00000000 00000000 00000000  ................
ffff8800153ed7c0: 153ed7c0 ffff8800 153ed7c0 ffff8800  ..>.......>.....
ffff8800153ed7d0: 00000000 00000000 00000000 00000000  ................
ffff8800153ed7e0: 00008000 00000000 00000000 00000000  ................
ffff8800153ed7f0: ffffffff ffffffff ffffffff ffffffff  ................
ffff8800153ed800: 82080e80 ffffffff 15a0c050 ffff8800  ........P.......
ffff8800153ed810: 153ed938 ffff8800 0007dc80 ffff8800  8.>.............
ffff8800153ed820: 00000005 00000000 00000000 00000000  ................
ffff8800153ed830: 00000000 00000000 565dc7b8 00000000  ..........]V....
ffff8800153ed840: 00000000 00000000 565dc7b8 00000000  ..........]V....
ffff8800153ed850: 00000000 00000000 565dc7b8 00000000  ..........]V....
ffff8800153ed860: 00000000 00000000 00000000 00000000  ................
ffff8800153ed870: 0000000a 00000000 00000000 00000000  ................
ffff8800153ed880: 00000060 00000000 00000001 00000000  `...............
ffff8800153ed890: 153ed890 ffff8800 153ed890 ffff8800  ..>.......>.....
ffff8800153ed8a0: 00000000 00000000 00000000 00000000  ................
ffff8800153ed8b0: 00000000 00000000 00000000 00000000  ................
ffff8800153ed8c0: 00000000 00000000 00000000 00000000  ................
ffff8800153ed8d0: 153ed8d0 ffff8800 153ed8d0 ffff8800  ..>.......>.....
ffff8800153ed8e0: 153ed8e0 ffff8800 153ed8e0 ffff8800  ..>.......>.....
ffff8800153ed8f0: 153ed8f0 ffff8800 153ed8f0 ffff8800  ..>.......>.....
ffff8800153ed900: 00000000 00000000 81317bc0 ffffffff  .........{1.....
ffff8800153ed910: 00000000 00000000 00000000 00000000  ................
ffff8800153ed920: 00000000 00000000 82080fa0 ffffffff  ................
ffff8800153ed930: 00000000 00000000 153ed7e0 ffff8800  ..........>.....
ffff8800153ed940: 00000000 02080020 00000000 00000000  .... ...........
ffff8800153ed950: 00000000 00000000 00000000 00000000  ................
ffff8800153ed960: 00000000 00000000 153ed968 ffff8800  ........h.>.....
ffff8800153ed970: 153ed968 ffff8800 00000000 00000000  h.>.............
ffff8800153ed980: 00000000 00000000 00000000 00000000  ................
ffff8800153ed990: 00000000 00000000 00000000 00000000  ................
ffff8800153ed9a0: 82080d80 ffffffff 024200ca 00000000  ..........B.....
ffff8800153ed9b0: 00000000 00000000 153ed9b8 ffff8800  ..........>.....
ffff8800153ed9c0: 153ed9b8 ffff8800 00000000 00000000  ..>.............
ffff8800153ed9d0: 153ed9d0 ffff8800 153ed9d0 ffff8800  ..>.......>.....
ffff8800153ed9e0: 00000000 00000000 00000000 00000000  ................
ffff8800153ed9f0: 00000000 00000000 00000000 00000000  ................
ffff8800153eda00: 00000000 00000000 00000000 00000000  ................
ffff8800153eda10: 00000000 00000000 00000000 00000000  ................
ffff8800153eda20: 153eda20 ffff8800 153eda20 ffff8800   .>..... .>.....
ffff8800153eda30: 00000000 00000000 00000000 00000000  ................
ffff8800153eda40: 00000000 00000000 00000000 00000000  ................
ffff8800153eda50: 153eda50 ffff8800 153eda50 ffff8800  P.>.....P.>.....
ffff8800153eda60: 00000000 00000000 00000000 ffffffff  ................
ffff8800153eda70: 00000000 00000000 00000000 00000000  ................
ffff8800153eda80: 00000000 00000000 00000000 00000000  ................
ffff8800153eda90: 00000000 00000000 00000000 00000000  ................
ffff8800153edaa0: 153edaa0 ffff8800 153edaa0 ffff8800  ..>.......>.....
ffff8800153edab0: 00000000 00000000 ffffffe0 0000000f  ................
ffff8800153edac0: 153edac0 ffff8800 153edac0 ffff8800  ..>.......>.....
ffff8800153edad0: 81302e40 ffffffff 00000000 00000003  @.0.............
ffff8800153edae0: 00000003 00000000 00000000 00000000  ................
ffff8800153edaf0: 00000000 00000000 00000000 00000000  ................
ffff8800153edb00: 00000000 00000000                    ........
CPU: 1 PID: 957 Comm: mount Not tainted 4.4.0-rc3+ #244
  ffffffff820ac0c0 ffff88001562f868 ffffffff81610cc9 ffff8800153ed7e0
  ffff88001562f8a0 ffffffff8133097a 00000000000003e8 ffffffff00000001
  ffff8800153ed7e0 ffffffff820ac0c0 ffff8800153ed880 ffff88001562f8c0
Call Trace:
  [<ffffffff81610cc9>] dump_stack+0x44/0x5b
  [<ffffffff8133097a>] ext4_destroy_inode+0xba/0xc0
  [<ffffffff8125440f>] destroy_inode+0x5f/0x80
  [<ffffffff81254d75>] evict+0x1e5/0x270
  [<ffffffff81256217>] iput+0x297/0x350
  [<ffffffff813393c5>] ext4_fill_super+0x4fa5/0x53b0
  [<ffffffff8121f53a>] ? deactivate_slab+0x32a/0x3e0
  [<ffffffff8161e1e1>] ? strnlen+0x31/0x60
  [<ffffffff81334420>] ? ext4_calculate_overhead+0x530/0x530
  [<ffffffff816233f8>] ? snprintf+0x88/0xa0
  [<ffffffff810e2e91>] ? up_write+0x11/0x30
  [<ffffffff811c902a>] ? register_shrinker+0xca/0x110
  [<ffffffff8128329e>] ? set_blocksize+0x8e/0x140
  [<ffffffff81232614>] mount_bdev+0x284/0x2e0
  [<ffffffff81334420>] ? ext4_calculate_overhead+0x530/0x530
  [<ffffffff81232390>] ? mount_ns+0xc0/0xc0
  [<ffffffff8122356e>] ? __kmalloc_track_caller+0xbe/0x190
  [<ffffffff811d656e>] ? kstrdup_const+0x1e/0x20
  [<ffffffff81224796>] ? memcpy+0x36/0x40
  [<ffffffff81317da0>] ext4_mount+0x10/0x20
  [<ffffffff812328e6>] mount_fs+0x56/0x1b0
  [<ffffffff8125ba32>] ? alloc_vfsmnt+0x2f2/0x350
  [<ffffffff8125e116>] vfs_kern_mount+0x66/0x190
  [<ffffffff8125fc32>] do_mount+0x362/0x16b0
  [<ffffffff8121fb72>] ? ___slab_alloc+0x152/0x470
  [<ffffffff8125f8d0>] ? copy_mount_string+0x20/0x20
  [<ffffffff81223986>] ? kasan_unpoison_shadow+0x36/0x50
  [<ffffffff81223bbe>] ? kasan_kmalloc+0x5e/0x70
  [<ffffffff81223bdd>] ? kasan_slab_alloc+0xd/0x10
  [<ffffffff8122356e>] ? __kmalloc_track_caller+0xbe/0x190
  [<ffffffff811d66c1>] ? strndup_user+0x41/0x70
  [<ffffffff8125f703>] ? copy_mount_options+0x23/0x1d0
  [<ffffffff811d664d>] ? memdup_user+0x3d/0x70
  [<ffffffff812614b6>] SyS_mount+0xf6/0x160
  [<ffffffff812613c0>] ? copy_mnt_ns+0x440/0x440
  [<ffffffff81f7d82e>] entry_SYSCALL_64_fastpath+0x12/0x71

This seems to lock up the VM as well.

A quick look/guess suggests maybe a cycle in the orphan list, maybe
something in ext4_orphan_del() could cause an infinite loop in the cleanup?

I can test patches. Thanks,


Vegard

[-- Attachment #2: ext4.1.bz2 --]
[-- Type: application/x-bzip, Size: 1200 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: ext4 endless "orphan list check failed!" spew/lockup
  2015-12-01 16:42 ext4 endless "orphan list check failed!" spew/lockup Vegard Nossum
@ 2015-12-01 17:30 ` Vegard Nossum
  2015-12-01 18:05   ` Vegard Nossum
  0 siblings, 1 reply; 3+ messages in thread
From: Vegard Nossum @ 2015-12-01 17:30 UTC (permalink / raw)
  To: Theodore Ts'o, Andreas Dilger; +Cc: linux-ext4

On 12/01/2015 05:42 PM, Vegard Nossum wrote:
> Mounting the attached filesystem image (fuzzed) on latest linus/master
> causes an endless stream of the following output on the console:
>
> EXT4-fs (loop0): Inode 5 (ffff8800153ed720): orphan list check failed!

Just wanted to add that on a kernel with linked list debugging I also
see an endless stream of the following warning, which could be related?

WARNING: CPU: 0 PID: 924 at lib/list_debug.c:36 __list_add+0xf9/0x100()
list_add double add: new=00000000dfba0070, prev=00000000dffba970, 
next=00000000dfba0070.
CPU: 0 PID: 924 Comm: mount.exe Tainted: G        W       4.4.0-rc3 #1
Stack:
  df7f59b0 60075642 6071c3ae 00000009
  df7f5a30 600bc4fe df7f59c0 603f1e5f
  df7f5a20 600412cd df7f59e0 6040d859
Call Trace:
  [<60029f9b>] show_stack+0xdb/0x1a0
  [<603f1e5f>] dump_stack+0x2a/0x3b
  [<600412cd>] warn_slowpath_common+0x9d/0xf0
  [<600413f4>] warn_slowpath_fmt+0x94/0xa0
  [<6040d859>] __list_add+0xf9/0x100
  [<601b28d4>] ext4_fill_super+0x3e04/0x4040
  [<601094ce>] mount_bdev+0x1fe/0x230
  [<601a7425>] ext4_mount+0x45/0x50
  [<60109763>] mount_fs+0x33/0x210
  [<60128fc4>] vfs_kern_mount+0x74/0x170
  [<6012a900>] do_mount+0x260/0x1010
  [<6012bb9b>] SyS_mount+0xab/0x120

Unfortunately I don't have the debug info anymore, but I could try to
rebuild and see if it triggers again if necessary.

Thanks,


Vegard

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: ext4 endless "orphan list check failed!" spew/lockup
  2015-12-01 17:30 ` Vegard Nossum
@ 2015-12-01 18:05   ` Vegard Nossum
  0 siblings, 0 replies; 3+ messages in thread
From: Vegard Nossum @ 2015-12-01 18:05 UTC (permalink / raw)
  To: Theodore Ts'o, Andreas Dilger; +Cc: linux-ext4

On 12/01/2015 06:30 PM, Vegard Nossum wrote:
> On 12/01/2015 05:42 PM, Vegard Nossum wrote:
>> Mounting the attached filesystem image (fuzzed) on latest linus/master
>> causes an endless stream of the following output on the console:
>>
>> EXT4-fs (loop0): Inode 5 (ffff8800153ed720): orphan list check failed!
>
> Just wanted to add that on a kernel with linked list debugging I also
> see an endless stream of the following warning, which could be related?
>
> WARNING: CPU: 0 PID: 924 at lib/list_debug.c:36 __list_add+0xf9/0x100()
> list_add double add: new=00000000dfba0070, prev=00000000dffba970,
> next=00000000dfba0070.
> CPU: 0 PID: 924 Comm: mount.exe Tainted: G        W       4.4.0-rc3 #1
> Stack:
>   df7f59b0 60075642 6071c3ae 00000009
>   df7f5a30 600bc4fe df7f59c0 603f1e5f
>   df7f5a20 600412cd df7f59e0 6040d859
> Call Trace:
>   [<60029f9b>] show_stack+0xdb/0x1a0
>   [<603f1e5f>] dump_stack+0x2a/0x3b
>   [<600412cd>] warn_slowpath_common+0x9d/0xf0
>   [<600413f4>] warn_slowpath_fmt+0x94/0xa0
>   [<6040d859>] __list_add+0xf9/0x100
>   [<601b28d4>] ext4_fill_super+0x3e04/0x4040

This is

fs/ext4/super.c:2269, ext4_orphan_cleanup():

list_add(&EXT4_I(inode)->i_orphan, &EXT4_SB(sb)->s_orphan);


Vegard

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2015-12-01 18:05 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-12-01 16:42 ext4 endless "orphan list check failed!" spew/lockup Vegard Nossum
2015-12-01 17:30 ` Vegard Nossum
2015-12-01 18:05   ` Vegard Nossum

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).